package com.leedsoft.spittr.service;

import com.leedsoft.spittr.model.User;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * Created by leeds on 2017/11/13.
 */
@Service
public class HomeService {

    @Secured("ROLE_ADMIN")
    public String testSecurityMethod() {
        return ("admin 有权限调用------");
    }

//    @PreAuthorize("hasRole('USER')")
    @PostAuthorize("hasAuthority('ROLE_USER') && #user.age < 15 && returnObject.name == 'back'")
    public User testPrePostAuthorize(User user) {
        System.out.println("我执行了。。。。。。");
//        return "TEST PreAuthorize: 在执行方法前你必须拥有USER权限";
        user.setName("back");
        return user;
    }
    //引用参数集合和返回值集合中的一项，都是用的filterObject
//    @PreFilter(value = "hasRole('ROLE_ADMIN') || filterObject.age > 10")
//    @PostFilter(value = "hasRole('ROLE_ADMIN') || filterObject.age > 10")
    @PostFilter("hasPermission(filterObject, 'back')")
    public List<User> testPrePostFilter(List<User> inUsers) {
        User user = new User();
        user.setAge(8);
        user.setName("nana");
        inUsers.add(user);
        return inUsers;
    }
}
